Archive for August 21, 2023

It Appears That Petro Canada Will FINALLY Let You Have Access To Your Petro Points Account After They Got Pwned In June

Posted in Commentary with tags on August 21, 2023 by itnerd

So, it’s been since late June that Petro Canada got pwned by hackers. And in the process, all of this happened:

But late this afternoon, this changed when Petro Canada published a Petro Canada app update:

Well, that’s interesting. So in the interest of science, I downloaded the app and tried to change my password via the app. That failed miserably. So I ended up going to petro-canada.ca and changing it there. My guess is that the fact that you are being forced to change your password implies that this was the attack vector that the threat actors used to get into their systems and pwn them. Or the threat actors were able to steal the login credentials of Petro Points users after they got in. Either is plausible.

Once I was in, I was able to see my points balance which seems right, and not much else. So that means that everything is fine and Petro Canada is off my naughty list.

No.

Let me take you back to this story that I wrote. In it Petro Canada admitted the following was swiped when they got pwned by hackers:

The information that was swiped creates a perfect jumping-off point for identity theft for starters. Never mind any number of other scams, fraud, or targeted cyberattacks. Petro Canada said sorry for that, but sorry is not good enough when your personal info is out there for any threat actor to use against you. At the very least, free credit monitoring for every person affected by this hack should be offered by Petro Canada. But to date, that hasn’t been offered. So that leads me to Plan B: a class action lawsuit. The fact is that the only way that Petro Canada can be held accountable for this is by a class action lawsuit where the courts will hold them accountable. Plus it will send a clear message that if you don’t take cybersecurity seriously, you will be held accountable in court and it will be expensive. Thus when the first class action lawsuit gets filed, I’ll be joining it. And I suggest that you do the same if you were affected by this.

Oh, by the way, just as I said here, the second I was able to log in I cashed out my Petro Points in the form of iTunes gift cards, and I will be using up my gas discount cards as quickly as possible. After that, I won’t be using Petro Canada as my gas station again as they simply cannot be trusted to keep their customers’ information secure.

Donald Trump’s Legal Defence Fund Website Appears To Have Been Pwned

Posted in Commentary with tags on August 21, 2023 by itnerd

Forbes is reporting that Donald Trump’s legal defence fund website which is called the Patriot Legal Defence Fund has been pwned by unknown hackers. From Forbes:

The Patriot Legal Defense Fund website, seemingly established to support aides and employees of former President Donald Trump with their rapidly increasing legal expenses, has been hacked. The home page has been defaced to strike through Trump’s name and add an “America Is Already Great!” strapline. But the hacker has altered far more than just the banner.

As first reported by Raw Story, the Patriot Legal Defense Fund website defacement was apparently hacked late on Friday, August 18. At the time of publication, the site remains up and is still defaced.

Seriously? This site has been pwned since last Friday and they haven’t taken it down? I’m not kidding. If you go there right now by clicking here, you can see for yourself. That suggests to me that whoever is behind the site has lost control of it.

What losers.

This highlights the fact that the people behind Trump’s digital media strategy are not that bright. But given how much of a gong show Truth Social’s launch was, nobody should be surprised. And it underscores that everything that Trump touches goes off the rails and becomes a train wreck next to a dumpster fire.

Bell introduces exclusive back to school offers for post secondary students

Posted in Commentary with tags on August 21, 2023 by itnerd

With prices increasing on almost everything, we’re all looking for ways to save, especially this back to school season. Bell is here to help – Bell has introduced exclusive offers for post secondary students on Fibe Internet and mobile phone plans with a dedicated student page to make it easy and convenient. Not only that, Bell’s offering savings to everyone this back to school season.

Bell Fibe Internet and rate plans for post secondary students

These offers are available exclusively for post secondary students.

Fibe Internet

  • Ontario: Get Gigabit Fibe 1.5 for as low as $60 a month for the next 24 months in select areas
  • Québec: Get Gigabit Fibe 1.5 for as low as $45 a month for the next 24 months in select areas (for new or existing customers)
  • Manitoba, New Brunswick and Newfoundland: Get Gigabit Fibe 1.5 for $70 per month
  • Nova Scotia and Prince Edward Island: Get Gigabit Fibe 1.5 for $75 per month

Rate plans

  • Alberta, British Columbia, Ontario and Atlantic Canada: Get 50GB for $55 per month
  • Manitoba, Saskatchewan and Québec: Get 20GB for $45 per month

Check out the student page for all the details and more!

Smartphones

Apple

  • Save up to $360 on iPhone 14 series smartphones

Samsung

  • Save up to $790 on select Samsung smartphones

Google

  • Save up to $696 on Google Pixel 7 series smartphones

Check out the smartphones page for all the details and more!

Accessories

  • Save up to 40% on select charging solutions
  • Save up to 30% on select phone cases
  • Save up to 20% when you bundle 3 or more items at participating stores; conditions apply

Check out the accessories page for all the details and more!

Connected Things

With the purchase of a Pixel 7, Pixel 7 Pro or Pixel 6a, get $200 off towards the purchase of a Google Pixel watch.

  • Offer runs until September 14
  • Eligible in-store only, must purchase with Bell SmartPay
  • May be combined with all other available offers

With the purchase of select Samsung S series and Z series smartphones, get 50% off towards the purchase of a Samsung Galaxy Watch 6 and/or Watch 6 Classic.

  • Offer runs until September 13
  • Eligible in-store only, must purchase with Bell SmartPay
  • May be combined with all other available offers

Check out the connected things page for all the details and more!

Back to School at Staples with Bell, Virgin Plus and Lucky Mobile

Get all your devices connected to the best plans from Bell, Virgin Plus and Lucky Mobile at your local Staples store. In addition to mobile services, you can also visit in-store to discover Internet and TV solutions from Bell.

Exclusive offers will be available in-store this back to school season, which includes discounts on new phones, plans, accessories and gift with purchase incentives.

Guest Post: The five key characteristics of an application observability solution 

Posted in Commentary with tags on August 21, 2023 by itnerd

By: Gregg Ostrowski, CTO Advisor, Cisco AppDynamics

Application observability has become a strategic focus for organizations across all industries. As IT teams face rising levels of complexity, they are actively seeking new tools, structures, and ways of working to effectively deal with these challenges. Technologists recognize that they need to move beyond traditional application monitoring approaches to manage and optimize increasingly fragmented and volatile hybrid environments. 

According to the latest research from Cisco AppDynamics, The Age of Application Observability, 53 per cent of organizations are already evaluating application observability solutions, and 44 per cent are likely to do so in the next 12 months.   

But with the pressure mounting on technologists to accelerate innovation and deliver seamless digital experiences, it’s essential that IT teams are able to identify the right application observability solution. More specifically, they need to ensure that they have unified visibility across their hybrid IT estate. 

A notable 89 per cent of technologists report that their organization’s expectations around application observability solutions are increasing. Businesses are looking at application observability to address some of their biggest strategic challenges, from embedding innovation into their everyday operations through to breaking down the organizational silos that exist between people, processes, and data.  

Here are five essential attributes to consider when evaluating application observability solutions:

1. Integration of application availability and performance data with security

The most significant challenge technologists encounter while managing hybrid environments is the expansion of attack surfaces. With application components running across a mix of cloud native platforms and on-premises databases, visibility gaps are being exposed, leading to an increased risk of security events.   

Therefore, application observability solutions must combine performance and security monitoring. This allows IT teams to grasp the potential impact of vulnerabilities and incidents on end users and the business. By utilizing business transactions insights and severity scoring, IT teams can prioritize threats based on their contextual relevance, particularly those that may affect critical areas of the environment or application. Technologists can cut through the data noise caused by high volumes of security alerts and focus on the things that really matter.  

Technologists want an application observability solution that leverages automation and AI to automatically detect and resolve issues across the application landscape. AI should be deployed for continuous detection and prioritization, so that security exploits are identified and blocked automatically, without human intervention, maximizing speed and uptime while minimizing risk.    

2. Ability to validate investments in cloud native technologies   

Amid the ongoing economic slowdown, digital transformation budgets are facing scrutiny, and IT leaders are under mounting pressure to justify their cloud investments. Despite this, a staggering 84 per cent of technologists admit that they struggle to align cloud costs with business performance.

This is why technologists want an application observability solution which correlates IT data with business metrics. This enables IT leaders to generate business transaction insights in real-time, and then to view them in business-level dashboards. They can measure and demonstrate the value that their innovation programs are generating.  

Application observability should allow IT teams to make insight-driven decisions around investment. Indeed, 88 per cent of technologists claim that application observability with business context will enable them to be more strategic and spend more time on innovation. 

3. Simplifies rather than adds to complexity   

83 per cent of technologists state that levels of complexity within their IT department are rising because of increased deployment of cloud native technologies. IT teams are being bombarded with overwhelming volumes of metrics, events, logs and traces (MELT) data from microservices and containers.  

It’s essential that application observability solutions are able to simplify complexity, separating signal from noise to provide IT teams with key insights on application availability, performance and security. Technologists need a solution which offers complete visibility across the application landscape to easily understand how applications and digital services are performing in real time.

4. Provides a single version of truth for all availability, performance and security data   

With most IT departments still deploying separate tools to monitor cloud native and on-premises technologies, IT teams don’t have complete visibility up and down the application path where components are running across a hybrid environment. This approach reinforces siloed working practices and cultures, as teams are confined to their own datasets.  

Technologists are looking for an application observability solution which provides a single source of truth for all availability, performance, and security data. Application observability should provide a platform for much closer collaboration between developers, operations, and security teams, paving the way for a DevSecOps approach in the IT department. Technologists want application observability to unite IT teams around a common purpose and shared vision. 

5. Utilizes OpenTelemetry

As organizations transition to modern application stacks, OpenTelemetry becomes essential for IT teams seeking to effectively manage and optimize availability and performance within dynamic cloud native environments.   

This is why technologists point to the need for an application observability solution which can ingest the massive volumes of data they get from OpenTelemetry. Moreover, it should seamlessly integrate this data with information gathered from other sources through agents and public cloud environments like Kubernetes. 

Technologists want a unified application observability solution which can extract business transactions from OpenTelemetry data. This allows IT teams to generate business context throughout the overarching application flow to always drive seamless digital experiences.  

With application observability now a priority for 85 per cent of organizations, IT leaders will be looking to develop a holistic and future-proof strategy for their organization. This means finding a solution which provides flexibility to span across both cloud native and on-premises technologies, to provide IT teams with the real-time insights they need to manage and optimize application performance across hybrid environments.  

Ultimately, organizations need an application observability solution which meets the current and future needs of all technologists, enabling them to accelerate innovation and maximize their impact on customers and the business.  

    

Elon Musk Says That Twitter May “Fail” In A Tweet

Posted in Commentary with tags on August 21, 2023 by itnerd

Well, I never thought I would be writing this headline. But I am, which is a sign of how weird this situation is. After this issue over the weekend, Elon Musk has come out and posted this on X/Twitter:

So is he admitting that Twitter/X is doomed? It’s very hard for me to gauge what’s going on inside his head. And to be frank, I don’t want to be inside his head as it’s likely not a nice place to be. But perhaps things have gotten so bad that even he has to admit what the world already knows.

TELUS Customers Have Joined Rogers Customers In Being The Targets Of A Phone #Scam

Posted in Commentary with tags on August 21, 2023 by itnerd

Recently, I wrote about being the target of a phone scam using the Rogers name. Well, I had a reader of this blog reach out to me last night to say that he had been targeted in a similar scam using the TELUS name.

The person told me that the threat actor offered him a $40 a month plan with a “free” iPhone 14 Pro Max. Now if that sounds familiar, it’s a very similar pitch to the one that I got from the threat actor who claimed to be Rogers. Now he asked for the details via email to make sure he got it in writing. And he did get them. But he got them from an email address ending in “mail.com.” This tipped him off that this was a scam and he hung up. But not before providing his driver’s licence number and home address. Which is bad as that is a great jumping-off point for a threat actor to launch an identity theft scam. On my advice, he’s enabling credit monitoring via TransUnion and Equifax to make sure that he catches anything that these threat actors do. And it’s a safe bet that he’s likely to be the target of more scams in the future as he’s now on the radar screens of the threat actor.

Now, to make sure that you stay safe, here’s some advice in terms of protecting yourself:

  • Remember that Canadian cell phone plans are among the most expensive in the world. And carriers don’t give away phones. Especially iPhone 14 Pro Max models. Thus if it sounds too good to be true, it is likely too good to be true.
  • If you want to verify if a deal is true or a scam, hang up and call TELUS using a number from their website. Do not rely on the number that you see on your phone’s call display as that could be a number that has been spoofed.
  • Under no circumstances should you give out any personal information to anyone who calls you in this manner.

What’s clear here is that the threat actors have either moved on from using the Rogers name to run their scam, or the threat actors are running the two scams in parallel. Which means that they could move to using Bell, or Freedom, or any other carrier at any time once the word gets out that the scam exists and is tied to a specific carrier. That means you need to keep your head on a swivel at all times to make sure that you don’t get taken advantage of by these scams.

Finally, if you’ve come across one of these scams, please reach out to me so that I can publish the details and expose these scams so it limits how effective they are. Also reach out to the phone carrier in question so that they can take action on their end. Because whoever this threat actor is, they’re clearly busy trying to scam Canadians out of their hard-earned money.

Elon Musk #Fails Again As Twitter Posts Before December 2014 Have Their Links Or Images Deleted

Posted in Commentary with tags on August 21, 2023 by itnerd

Just when you think Elon Musk can’t find any new ways to make X/Twitter any worse than it already is, he surprises you and does just that. In this case, according to The Verge, Twitter posts from before December 2014 have apparently had any links or images in them deleted:

X, which was formerly known as Twitter until its recent rebranding, is having a problem displaying old posts that came with images attached or any hyperlinks converted through Twitter’s built-in URL shortener. It’s unclear when the problem started, but it was highlighted on Saturday afternoon in a post by Tom Coates, and a Brazilian vtuber, @DaniloTakagi, had pointed it out a couple of days earlier. 

As it is, it appears to affect tweets published prior to December 2014, judging by posts visible on my own account. No videos are affected (Twitter only added native image support in 2011 and built-in videos in 2016), but links to YouTube, for example, are now just text with a t.co URL that doesn’t work.

On Saturday afternoon, as Coates pointed out, the glitch claimed the picture from one of the most famous tweets ever (back when they were still called tweets), this selfie posted by 2014 Oscars host Ellen DeGeneres flanked by celebs like Bradley Cooper, Jennifer Lawrence, and others, taken during the show’s broadcast. It quickly became the “most retweeted ever,” with over 2 million shares on the platform. 

I haven’t seen any public comments from owner Elon Musk or X CEO Linda Yaccarino about the problem, but at some point on Saturday night / early Sunday morning, the picture in that post was restored. 

Despite speculation that it could be an intentional cost-cutting move by Musk, the fact that the actual media posted hasn’t been deleted suggests an error or bug of some kind, one of many that have arisen since last year’s takeover and mass layoffs.

First of all, you’re not going to see any comment from Elon or Yaccarino on this or anything else that goes wrong with Twitter/X as that would force them to admit that Twitter is broken. Which they won’t ever do. I am going to assume that now that this is out in the public domain, this will get fixed somehow. But it illustrates how unstable the platform is. And if the rampant hate along with Elon’s “ready, fire, aim” mentality isn’t enough to make you run from Twitter, this is another reason to get off the platform.